Willis Towers Watson has introduced two new cyber risk assessment services following the publication of its recent cyber claims insights report.
The report found that human error was the “single biggest” root-cause of global cyber incidents and claims, and that ransomware was the most significant risk when considering the direct financial costs to businesses.
The group said the report has since been “instrumental” in supporting its development of a data driven, client-focused suite of cyber risk assessment services.
Aligned to its existing cyber insurance and risk transfer capabilities, the new Workforce Cyber Culture Assessment (WCCA) and Ransomware Risk Assessment (RRA) services will reportedly support clients with tailored solutions to effectively manage risk in the cyber threat environment.
The WCCA is a cyber risk methodology designed to assess people’s risk and the impact of business culture in a cyber context. It can work to highlight any perceived ‘high risk’ attitudes and behaviours within the workforce to cyber risk.
The service can provide clients with “focused and concise” recommendations for risk reduction, as well as a tailored roadmap to help achieve a “resilient” cyber security strategy with measurable and actionable metrics.
The RRA is a custom assessment framework that focuses on the most severe cyber threats facing organisations globally. The assessment observes the entirety of a client’s ransomware threat surface across several key risk areas, and provides clients with a tailored “snapshot” of their ransomware risk posture.
It also offers a concise improvement plan that is designed to assist with the timely remediation of identified security gaps, exposures or vulnerabilities. The delivery process consists of three phases and can be completed in three weeks.
Dean Chapman, lead cyber risk consultant at Willis Towers Watson, said: “The business impacts associated with people-related security incidents and ransomware attacks are well documented, and both have the potential to be catastrophic from a number of organisational standpoints, including operational, financial and reputational impacts.
“Whilst the two are intrinsically linked, for example a ransomware attack is often initiated via a breach of the ‘human’, they require slightly different approaches to risk identification, assessment and management.”
He added: “Targeting humans is quicker, easier and comes with much higher success rates – cyber criminals only need to get lucky once. For this reason, we have developed these services to assist our clients in focusing their security efforts on addressing two of the most critical cyber risks to businesses today.”